18 SEP 2019 SEC WGM Minutes

Date: 18 Sep 2019

Quarter: Q1-Q4

Minutes Approved as Presented

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Goals

Set goals, objectives or some context for this meeting.

Discussion items

Time	Item	Notes
Q1		Chaired by EHR
	Joint WG In-depth discussion - EHR hosting SEC, FHIR-I CBCP SOA Security topics for the agenda PSAF Vol3 Provenance Ballot Outcome - Mike Davis Model-based Transformation Service - Matt Lord GDPR FHIR IG Update - Alex Mense FHIR Connectathon Findings - John Moehrke Sharing with Protections - Mike Davis
Q2		Chaired by
	Joint FHIR Privacy and Security Topics FHIRcast Updates - Isaac Vetter - see FHIRcast slides STU1 ballot status Connectathon report-out Plans for STU2 security & websockets Wg discussion follow-up: OAuth2 scope syntax - Josh M's DevDays presentation, overview of structured OAuth2 scopes Basic Provenance IG Ballot Outcome & Reconciliation - Brett Marquard/Russ Ott
Q3		Chaired by
	Security hosting CBCP and FHIR-I FYI: (note 16 CR are approved but not yet applied - sorry, will get to it soon) couple of projects using compartments and some security tags -- Query is Execute - explained Audit recommendation to include subject/patient whenever possible inclusion of ISO lifecycle events add a query parameter on Provenance activity add to Provenance pointers to known IG starting with QEDm add to auditEvent a severity element add reference to security model - udap improve text around Provenance and transform actions FIx some issues with mapping to DICOM TODO: classification datatypes and core resources relative to De-Identification https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=24452&start=0 do we need a standardized method to enable provisioning of a patient user identity? https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=23776&start=0 Provenance and relevantHistory - https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=20758&start=0 Query on Provenance.target when guidance is to use versioned id in Provenance.target -- grahame has indicated that servers should know to index only the non-version portion of the id in .target. Which then brings up the question of how to find the specific Provenance for a specific version, which is to be handled as a client side inspection of the full results for the one Provenance with that version in .target. -- not yet a CP Provenance.target pointing more finegrain at elements within Resource that were modified https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=23076&start=0 provenance.activity valueset is not useful, needs atleast ehr lifecycle https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=23712&start=0 ** 22104 has already agreed to use the codes from audit which include lifecycle. So what more is needed, and if more is needed it should be added to the one valueset not have divergent valuesets. any other open issue Vocabulary synchronization issues*. security tag for "COPY" -- is this vocabulary ready to be used? https://gforge.hl7.org/gf/project/fhir/tracker/?action=TrackerItemEdit&tracker_item_id=19311&start=0
Q4		Chaired by Alex Mense
	GDPR Session GDPR FHIR IG - Alex Mense

Action items

Space shortcuts

Page tree